Enabling login/logout (SSO users)
The Login settings can be found by clicking the Admin Settings link in the Main Navigation and then going to Governance > Manage login controls. Here you will find multiple options to help configure the login settings for users within your organization.
At the top you will find the basic Login settings, where you can choose to disable passwords and if logging out will also log you out of your SSO system. We strongly recommend that Password logins should always be enabled for obvious security reasons. If you use your SSO system for other services in addition to Jostle, we recommend keeping the Jostle logout separate from your SSO system. For information on SSO Mobile login options, see this article.
Enabling Multi-Factor Authentication (MFA)
Enabling Multi-Factor Authentication (MFA) for your intranet provides an additional layer of security for your organization.
To log in with MFA, users will first be required to install and set up an authenticator app (for example, the Google Authenticator) on their mobile device or tablet. Then, users will be required to enter their account password as well as one-time, randomly-generated passcode from the Authenticator in order to successfully log in.
Requiring a user’s knowledge (their password) and a user’s possession (their mobile device) in order to verify their identity can ensure the security of your intranet far beyond basic password-protection.
When creating your login settings there is the option to make MFA login Mandatory, Optional or Disabled for your users and/or System Administrators. It is recommended that it at least be enabled for all System Admins within your organization.
To set up Multi-Factor Authentication:
- Click on the Admin Settings link at the bottom of the Main Navigation
- In the Administration settings, go to Governance > Manage login controls
- Under Multi-Factor Administration (MFA) select your option.
- Scroll down and click Save.
- Selecting "Mandatory" will automatically check off "Required for System Admins".
- If MFA is currently enabled, selecting "Disabled" will delete all Contributors’ current MFA settings. If MFA is then re-enabled, they will have to go through the MFA setup process again.
- Resetting a Contributor's password from the Edit Contributor screen will require that user to reset their password as well complete the MFA setup process again.
- If a user selects the "Forgot Password" link on a login screen, they will only need to reset their password and can continue using their current MFA configuration.
In Administration settings > Platform > Login settings, you'll find options to configure automatic logout from Jostle. You can set the time duration for when an automatic logout occurs, and can be used to help with user account security if Jostle is being used in on-site computers within your organization. Automatic logout is also available for mobile, and can be left disabled if users frequently use the mobile app on their personal devices.
If you need to disable/re-enable someone's login:
- Go to Administration settings > User accounts and data > Edit, Invite, Disable users
- Search for the user and then click EDIT next to their name
- Scroll down to Account status and check/uncheck the box "Disable login for this person"
- Click on Save changes at the bottom of the screen
NOTE—this action can also be done on multiple users in bulk via CSV (by changing a user's value under AccountState from "Active" to "Disabled"). For information on how to bulk manage data, please see this article.
At the bottom you will find Password settings and can be used accordingly to help reduce security risks. You can choose to enforce strong passwords and/or have users change their passwords after a certain number of days.
If you choose to enable strong passwords, contributors will get the following screen letting them know the password requirements.
You can also manually have all users change their passwords upon their next login by clicking ‘Reset passwords’ at the very bottom of the page.